Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/9FYjkbyiPO93k3p9SHxrG6ahGUw.roa
File:                     9FYjkbyiPO93k3p9SHxrG6ahGUw.roa (raw, json)
Hash identifier:          TQJMO+9hWFmkgW+il3zzodV+3rh1u+2oB5bvfciSHLU=
Subject key identifier:   F4:56:23:91:BC:A2:3C:EF:77:93:7A:7D:48:7C:6B:1B:A6:A1:19:4C
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018835368378B757FA800F2F93D1C14D5AC5
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/9FYjkbyiPO93k3p9SHxrG6ahGUw.roa
Signing time:             Fri 19 May 2023 18:12:24 +0000
ROA not before:           Fri 19 May 2023 18:12:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:35:36:83:78:b7:57:fa:80:0f:2f:93:d1:c1:4d:5a:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 19 18:12:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f4562391bca23cef77937a7d487c6b1ba6a1194c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:25:86:96:e9:0b:a8:c8:90:c8:6d:cc:84:40:
                    de:a5:25:ed:2e:79:3a:da:4d:3f:92:86:3d:58:37:
                    09:dc:79:aa:41:63:d0:39:df:6e:ee:e2:b7:d5:5d:
                    f2:82:3e:77:69:5b:d8:cf:a9:b1:d0:64:e7:b3:0a:
                    03:2e:13:41:d2:4c:07:a2:45:56:8f:98:24:94:f7:
                    53:0a:a0:25:e3:13:3e:d4:fe:3e:b8:6b:4f:e4:a5:
                    81:58:42:87:cf:65:cf:53:23:76:4d:ec:09:d4:a3:
                    8b:65:57:16:6b:74:c2:0c:e4:9f:48:46:4f:34:f2:
                    67:f1:b8:2d:07:1d:37:74:33:41:f0:26:96:75:a3:
                    7d:bf:d9:1c:3c:fa:25:35:04:73:9c:c9:a1:e3:0a:
                    52:82:da:27:a0:d4:45:9b:f7:fe:c9:eb:bf:5a:42:
                    da:e0:a7:ed:af:c5:88:f8:31:8d:2c:fb:98:46:1f:
                    12:17:f7:47:78:75:92:d3:93:59:57:02:00:70:2f:
                    a9:a9:2f:a0:2d:d3:a6:01:ad:c2:aa:58:ae:44:76:
                    87:a1:9c:ad:af:c7:35:28:52:44:00:94:85:13:56:
                    58:ed:42:5e:35:5a:60:c4:10:fd:ad:94:c2:4b:c1:
                    d5:3a:b4:df:50:17:f1:84:fa:c9:05:b6:84:7b:0c:
                    f1:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:56:23:91:BC:A2:3C:EF:77:93:7A:7D:48:7C:6B:1B:A6:A1:19:4C
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/9FYjkbyiPO93k3p9SHxrG6ahGUw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         68:17:36:cf:91:95:cf:be:28:02:3d:bd:9d:12:f6:38:35:e3:
         57:2a:73:af:85:45:fc:c3:29:6f:4a:55:be:1b:ef:c0:56:dd:
         a5:e6:81:d9:09:e0:30:95:57:89:84:a1:a3:0e:04:44:98:e4:
         a4:22:01:f1:62:25:6d:5c:d4:3a:11:fc:23:87:47:20:2c:7c:
         54:4d:73:87:cb:72:3e:da:c3:a3:a9:4a:53:40:a2:7c:b1:8b:
         ac:7f:f1:1f:6d:2b:92:9b:26:3e:73:e7:42:b2:90:cb:cd:0b:
         ad:ef:b0:fa:cf:0e:3b:e6:3b:2e:cd:b7:fc:0d:43:7a:14:d3:
         1a:2f:f9:bb:11:5f:64:3c:e0:ab:cf:55:54:22:e8:48:d5:58:
         5b:ff:38:61:13:b4:63:b0:c9:0b:53:6e:2c:75:01:52:cf:a1:
         63:ac:f6:6f:27:e1:95:d7:a7:45:92:ec:44:66:6d:00:a8:de:
         7a:c1:c0:a7:1d:de:f4:b7:be:cf:8b:d2:ba:30:da:49:a6:a8:
         87:24:ac:48:57:3f:ef:c6:dd:b1:ec:fa:d0:33:92:f8:e8:f6:
         6b:32:10:a1:b5:99:5d:e7:b8:f3:1b:7e:62:44:60:b0:d0:a1:
         27:8a:c3:23:68:ee:b6:95:1e:dc:80:08:90:87:30:a8:25:c3:
         51:d0:76:2c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYg1NoN4t1f6gA8vk9HBTVrFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTE5MTgxMjI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDU2MjM5MWJjYTIzY2VmNzc5MzdhN2Q0ODdjNmIxYmE2YTExOTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAniWGlukLqMiQyG3MhEDepSXtLnk6
2k0/koY9WDcJ3HmqQWPQOd9u7uK31V3ygj53aVvYz6mx0GTnswoDLhNB0kwHokVW
j5gklPdTCqAl4xM+1P4+uGtP5KWBWEKHz2XPUyN2TewJ1KOLZVcWa3TCDOSfSEZP
NPJn8bgtBx03dDNB8CaWdaN9v9kcPPolNQRznMmh4wpSgtonoNRFm/f+yeu/WkLa
4Kftr8WI+DGNLPuYRh8SF/dHeHWS05NZVwIAcC+pqS+gLdOmAa3CqliuRHaHoZyt
r8c1KFJEAJSFE1ZY7UJeNVpgxBD9rZTCS8HVOrTfUBfxhPrJBbaEewzx5wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPRWI5G8ojzvd5N6fUh8axumoRlMMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvOUZZamtieWlQTzkzazNwOVNIeHJHNmFoR1V3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGgXNs+Rlc++KAI9vZ0S
9jg141cqc6+FRfzDKW9KVb4b78BW3aXmgdkJ4DCVV4mEoaMOBESY5KQiAfFiJW1c
1DoR/COHRyAsfFRNc4fLcj7aw6OpSlNAonyxi6x/8R9tK5KbJj5z50KykMvNC63v
sPrPDjvmOy7Nt/wNQ3oU0xov+bsRX2Q84KvPVVQi6EjVWFv/OGETtGOwyQtTbix1
AVLPoWOs9m8n4ZXXp0WS7ERmbQCo3nrBwKcd3vS3vs+L0row2kmmqIckrEhXP+/G
3bHs+tAzkvjo9msyEKG1mV3nuPMbfmJEYLDQoSeKwyNo7raVHtyACJCHMKglw1HQ
diw=
-----END CERTIFICATE-----